Contact Us
-
Finance and Treasurer
- St. Thomas Hall, Room 200
- 800 Linden Street
- Scranton, PA 18510-4694
- Phone: (570) 941-7411
- Fax: (570) 941-7595
- Finance Home Page
FAQ
What is internal auditing? What are the types of internal audits?
As defined1 by the Institute of Internal Auditors, "internal auditing is and independent, objective assurance and consulting activity designed to add value and improve an organization's operations."
There are five general types2 of internal audits:
1. Financial Audits - these audits relate to accounting, recording, and reporting of financial transactions. Testing the adequacy of internal controls over financial reporting also falls within the scope of financial audits.
2. Compliance Audits - these audits seek to determine if departments are adhering to federal, state, and ÐÓ°ÉÔ°æ rules, regulations, policies, and procedures.
3. Operational Audits - these audits examine the use of department/university resources to evaluate whether those resources are being utilized in the most efficient and effective way to fulfill the department's/ÐÓ°ÉÔ°æ's mission and objectives. An operational audit may include elements of a compliance audit, a financial audit, and an information systems audit.
4. Investigative Audits are performed when appropriate. These audits focus on alleged violations of federal and state laws and of ÐÓ°ÉÔ°æ policies and regulations and may focus on internal theft, misuse of ÐÓ°ÉÔ°æ assets, and conflicts of interest are examples of investigative audits.
5. Information Systems (IS) Audits - these audits address the internal control environment of automated information processing systems and how these systems are used. IS audits typically evaluate system input, output and processing controls, backup and recovery plans, and system security, as well as computer facility reviews.
IA’s scope of work is comprehensive and considers all aspects of the organization - both financial and non-financial - with an emphasis on constructive improvement.
1Source: IIA, "All In A Days Work", <https://na.theiia.org/about-ia/PublicDocuments/06262_All_In_A_Days_Work-Rev.pdf>
2Source: Carnegie Mellon ÐÓ°ÉÔ°æ, Audit Services, <https://www.cmu.edu/finance/audit-services/internal/types-of-audits.html>
How are areas selected for an audit?
Each fiscal year the Internal Auditor prepares a draft audit plan of proposed internal audits and other projects for the upcoming year. The results of a periodic comprehensive ÐÓ°ÉÔ°æ risk assessment are considered in selecting the frequency and scope of areas to select. The Senior Vice President for Finance/Treasurer reviews the draft audit plan with the Internal Auditor before it is presented to the ÐÓ°ÉÔ°æ's Finance Committee for final approval.
The audit plan is flexible to allow for an investigation of possible irregularities as they arise. Special management requests for an audit review are also given consideration.
In the past few years the annual audit plan included the following work categories and estimated percentage of time devoted to each.
New internal audits: |
40% |
External audit assignments: |
20% |
Monitoring control procedures: |
15% |
Special projects and training: |
15% |
Post audit implementation reviews: |
10% |
New internal audits may be conducted on any ÐÓ°ÉÔ°æ department or process. The scope may focus on internal controls, operational efficiency, compliance with laws and policies, or sound management practices.
External audit assignments relate to the ÐÓ°ÉÔ°æ's mandatory annual financial audit, OMB Circular A-133 audit, and retirement plans audit.
Monitoring control procedures relate to periodic monitoring of the ÐÓ°ÉÔ°æ's purchasing card transactions, federally funded labor cost allocations, student credits, room and board billing, and physical inventory of fixed assets. Information technology controls, such as employee access rights, are also monitored.
Special projects and training relate to the Internal Auditor's participation in ÐÓ°ÉÔ°æ task forces and committees, international student tax reporting, professional training, and other special projects.
Post audit implementation reviews relate to revisiting an audited area to report on the status of audit recommendations and to provide implementation assistance wherever possible.
What is the authority of the Office of Internal Audit?
The Office of Internal Audit has been authorized by the ÐÓ°ÉÔ°æ's Finance Committee of the Board of Trustees and the ÐÓ°ÉÔ°æ President to have unrestricted access to all ÐÓ°ÉÔ°æ records, property and personnel. The Internal Auditor will make every effort to ensure that the security of assets and privacy of records are not compromised and services are not unnecessarily disrupted.
The Internal Auditor reports to the Senior Vice President for Finance/Treasurer. The Internal Auditor may also report a finding directly to the ÐÓ°ÉÔ°æ's Finance Committee if a conflict of interest condition exists.
What can be expected when an audit is scheduled?
Who will receive the audit report?
The department head/director and the Vice President of the area audited, as well as the Senior Vice President for Finance/Treasurer, receive a full copy of the audit report. Other personnel who will be instrumental in implementing one or more audit recommendations will receive either a full copy of the audit report or selected findings and recommendations, as appropriate.
Management of the area being audited will receive one or more draft audit reports and have an opportunity to prepare a written response to each finding and recommendation as described under the .
The ÐÓ°ÉÔ°æ's Finance Committee of the Board of Trustees receives findings considered to be "major" as defined in the . The Internal Auditor also summarizes all significant audit findings, recommendations and improvements made each year for presentation to the Finance Committee.
How long does it usually take to do an audit?
Is there ever a surprise audit?
Usually the area to be audited will be notified. However, surprise audits are conducted.